CVE-2025-54818 - Cognex In-Sight Explorer and In-Sight Camera Firmware Cleartext Transmission of Sensitive Information
CVE ID : CVE-2025-54818
Published : Sept. 18, 2025, 10:15 p.m. | 2 hours, 49 minutes ago
Description : Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54860 - Cognex In-Sight Explorer and In-Sight Camera Firmware Improper Restriction of Excessive Authentication Attempts
CVE ID : CVE-2025-54860
Published : Sept. 18, 2025, 10:15 p.m. | 2 hours, 49 minutes ago
Description : Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 for management operations on the device that require authentication, such as firmware upgrades and device reboot. Improper handling of login failures in the service allows a denial-of-service attack that leaves the telnet service in an unreachable state.
Severity: 7.7 | HIGH
CVE-2025-59215 - Windows Graphics Component Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59215
Published : Sept. 18, 2025, 10:15 p.m. | 2 hours, 49 minutes ago
Description : Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
CVE-2025-59216 - Windows Graphics Component Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59216
Published : Sept. 18, 2025, 10:15 p.m. | 2 hours, 49 minutes ago
Description : Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
CVE-2025-59220 - Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59220
Published : Sept. 18, 2025, 10:15 p.m. | 2 hours, 49 minutes ago
Description : Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
CVE-2025-59691 - PureVPN Linux IPv6 Traffic Leak
CVE ID : CVE-2025-59691
Published : Sept. 18, 2025, 11:15 p.m. | 1 hour, 50 minutes ago
Description : PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0.
Severity: 3.7 | LOW
CVE-2025-59692 - PureVPN Linux Firewall Bypass Vulnerability
CVE ID : CVE-2025-59692
Published : Sept. 18, 2025, 11:15 p.m. | 1 hour, 49 minutes ago
Description : PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0.
Severity: 3.7 | LOW
CVE-2025-30755 - OpenGrok Reflected Cross-Site Scripting
CVE ID : CVE-2025-30755
Published : Sept. 19, 2025, 12:15 a.m. | 50 minutes ago
Description : OpenGrok 1.14.1 has a reflected Cross-Site Scripting (XSS) issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output.
Severity: 6.1 | MEDIUM
CVE-2025-6198 - Supermicro BMC firmware update validation bypass
CVE ID : CVE-2025-6198
Published : Sept. 19, 2025, 2:15 a.m. | 2 hours, 49 minutes ago
Description : There is a vulnerability in the BMC firmware validation logic of the Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.
Severity: 6.4 | MEDIUM
CVE-2025-10690 - Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
CVE ID : CVE-2025-10690
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : The Goza - Nonprofit Charity WordPress Theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplus_import_pack_install_plugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.
Severity: 9.8 | CRITICAL
CVE-2025-59670 - Adobe Flash Arbitrary Command Execution Vulnerability
CVE ID : CVE-2025-59670
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59671 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-59671
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59672 - Apache HTTP Server Command Injection
CVE ID : CVE-2025-59672
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59673 - Apache Struts Cross-Site Scripting
CVE ID : CVE-2025-59673
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59674 - Adobe Photoshop Unvalidated Redirect
CVE ID : CVE-2025-59674
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59675 - Cisco WebEx Meeting Center Stored XSS
CVE ID : CVE-2025-59675
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59676 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-59676
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59677 - Apache HTTP Server Untrusted User Input
CVE ID : CVE-2025-59677
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59678 - Google Maps Unvalidated Redirect
CVE ID : CVE-2025-59678
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-59712 - Snipe-IT Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-59712
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago
Description : Snipe-IT before 8.1.18 allows XSS.
Severity: 6.4 | MEDIUM
CVE-2025-59713 - Snipe-IT Deserialization Vulnerability
CVE ID : CVE-2025-59713
Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 49 minutes ago
Description : Snipe-IT before 8.1.18 allows unsafe deserialization.
Severity: 6.8 | MEDIUM